Side-channel attacks using speculative execution. Allows attacks e.g. through cache timing, even against crypto code that defends against such attacks using best practices. Allows JITted code to read memory outside its sandbox.